"Site cannot be reached" DNS_PROBE_FINISHED_NXDOMAIN

3 users on our site in the last 12 hours have reported that our site returns the error “Site cannot be reached” DNS_PROBE_FINISHED_NXDOMAIN when they try to visit it. I can’t reproduce the error in any of our internal testing machines or testing software in any part of the world. But it is obviously happening due to the reports.

It is still occuring for one user 15 hours after he first noticed it. It is occuring in Safari and Chrome (normal and incognito) on a Mac.

In the Cloudflare DNS Queries Dashboard it shows there have been about 50 NXDOMAIN responses spread evenly over the last 6 hours.

How do I get to the bottom of this issue? What could be causing these errors for users?

Hi @tgowing,

Would you be able to get any additional troubleshooting information from the users having issues? Some good tips on what to ask for in this post:

1 Like

I am now seeing the issue myself:

This is from the HAR file from the Chrome browser:
{
“log”: {
“version”: “1.2”,
“creator”: {
“name”: “WebInspector”,
“version”: “537.36”
},
“pages”: ,
“entries”: [
{
“_initiator”: {
“type”: “other”
},
“_priority”: “VeryHigh”,
“_resourceType”: “document”,
“cache”: {},
“request”: {
“method”: “GET”,
“url”: “https://www.humancondition.com/”,
“httpVersion”: “”,
“headers”: [
{
“name”: “sec-ch-ua”,
“value”: “” Not;A Brand";v=“99”, “Google Chrome”;v=“91”, “Chromium”;v=“91"”
},
{
“name”: “sec-ch-ua-mobile”,
“value”: “?0”
},
{
“name”: “Upgrade-Insecure-Requests”,
“value”: “1”
},
{
“name”: “User-Agent”,
“value”: “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36”
}
],
“queryString”: ,
“cookies”: ,
“headersSize”: -1,
“bodySize”: 0
},
“response”: {
“status”: 0,
“statusText”: “”,
“httpVersion”: “”,
“headers”: ,
“cookies”: ,
“content”: {
“size”: 0,
“mimeType”: “x-unknown”
},
“redirectURL”: “”,
“headersSize”: -1,
“bodySize”: -1,
“_transferSize”: 0,
“_error”: “net::ERR_NAME_NOT_RESOLVED”
},
“serverIPAddress”: “”,
“startedDateTime”: “2021-07-08T00:51:31.578Z”,
“time”: 17.051000002538785,
“timings”: {
“blocked”: 17.051000002538785,
“dns”: -1,
“ssl”: -1,
“connect”: -1,
“send”: 0,
“wait”: 0,
“receive”: 0,
“_blocked_queueing”: -1
}
},
{
“_initiator”: {
“type”: “other”
},
“_priority”: “VeryHigh”,
“_resourceType”: “document”,
“cache”: {},
“request”: {
“method”: “GET”,
“url”: “https://www.humancondition.com/”,
“httpVersion”: “”,
“headers”: [
{
“name”: “sec-ch-ua”,
“value”: “” Not;A Brand";v=“99”, “Google Chrome”;v=“91”, “Chromium”;v=“91"”
},
{
“name”: “sec-ch-ua-mobile”,
“value”: “?0”
},
{
“name”: “Upgrade-Insecure-Requests”,
“value”: “1”
},
{
“name”: “User-Agent”,
“value”: “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36”
}
],
“queryString”: ,
“cookies”: ,
“headersSize”: -1,
“bodySize”: 0
},
“response”: {
“status”: 0,
“statusText”: “”,
“httpVersion”: “”,
“headers”: ,
“cookies”: ,
“content”: {
“size”: 0,
“mimeType”: “x-unknown”
},
“redirectURL”: “”,
“headersSize”: -1,
“bodySize”: -1,
“_transferSize”: 0,
“_error”: “net::ERR_NAME_NOT_RESOLVED”
},
“serverIPAddress”: “”,
“startedDateTime”: “2021-07-08T00:51:38.790Z”,
“time”: 16.91400000709109,
“timings”: {
“blocked”: 16.91400000709109,
“dns”: -1,
“ssl”: -1,
“connect”: -1,
“send”: 0,
“wait”: 0,
“receive”: 0,
“_blocked_queueing”: -1
}
}
]
}
}

This happens when I do the dig command:
; <<>> DiG 9.10.6 <<>> www.humancondition.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37419

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;www.humancondition.com. IN A

;; Query time: 64 msec

;; SERVER: 172.20.10.1#53(172.20.10.1)

;; WHEN: Thu Jul 08 10:49:13 AEST 2021

;; MSG SIZE rcvd: 51

@tgowing could you run the tests listed here when you can replicate the NXDOMAIN:

@simon Thanks very much for looking at this. Please let me know if you need anything further.


% dig www.humancondition.com

; <<>> DiG 9.10.6 <<>> www.humancondition.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19351

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;www.humancondition.com. IN A

;; Query time: 5 msec

;; SERVER: 172.20.10.1#53(172.20.10.1)

;; WHEN: Fri Jul 09 18:29:54 AEST 2021

;; MSG SIZE rcvd: 51


dig www.humancondition.com @1.1.1.1

; <<>> DiG 9.10.6 <<>> www.humancondition.com @1.1.1.1

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14783

;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 1232

;; QUESTION SECTION:

;www.humancondition.com. IN A

;; ANSWER SECTION:

www.humancondition.com. 126 IN A 104.26.13.9

www.humancondition.com. 126 IN A 172.67.68.99

www.humancondition.com. 126 IN A 104.26.12.9

;; Query time: 43 msec

;; SERVER: 1.1.1.1#53(1.1.1.1)

;; WHEN: Fri Jul 09 18:31:46 AEST 2021

;; MSG SIZE rcvd: 99


% dig www.humancondition.com @8.8.8.8

; <<>> DiG 9.10.6 <<>> www.humancondition.com @8.8.8.8

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51570

;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 512

;; QUESTION SECTION:

;www.humancondition.com. IN A

;; ANSWER SECTION:

www.humancondition.com. 299 IN A 104.26.13.9

www.humancondition.com. 299 IN A 104.26.12.9

www.humancondition.com. 299 IN A 172.67.68.99

;; Query time: 207 msec

;; SERVER: 8.8.8.8#53(8.8.8.8)

;; WHEN: Fri Jul 09 18:33:54 AEST 2021

;; MSG SIZE rcvd: 99


curl www.humancondition.com/cdn-cgi/trace traceroute simon.ns.cloudflare.com

curl: (6) Could not resolve host: www.humancondition.com

curl: (6) Could not resolve host: traceroute

So what I see here is that your local resolver is returning NXDOMAIN if you check the bottom of the dig output:

;; SERVER: 172.20.10.1#53(172.20.10.1)

Whatever is 172.20.10.1 is on your local network is where I would investigate - whatever DNS resolver is being used looks to be at fault. I say this because your dig commands to Cloudfalre & Google’s DNS resolvers show that the domain can be resolved successfully - and we can see this working elsewhere, too:

https://dig.ping.pe/www.humancondition.com:A:8.8.8.8
https://dig.ping.pe/www.humancondition.com:A:1.1.1.1
https://dig.ping.pe/www.humancondition.com:A:9.9.9.9

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.